Merge pull request #1245 from Kinto/1243-json-validation-crash

Fix jsonschema validation crash with unknown required properties (fixes #1243)
Kinto · May 31, 2017 · 5e2a13b · 5e2a13b
2 parents 121e4df + 42b5cb9
commit 5e2a13b
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 4 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -21,6 +21,7 @@ This document describes changes between each past release.
 - Fix removal of timestamps when parent object is deleted (fixes #1233)
 - Do not allow to reuse deletion tokens (fixes #1171)
 - ``accounts`` plugin: fix exception on authentication. (#1224)
+- Fix crash with JSONSchema validation of unknown required properties (fixes #1243)
 
 
 7.0.1 (2017-05-17)

diff --git a/kinto/views/records.py b/kinto/views/records.py
@@ -65,10 +65,10 @@ def process_record(self, new, old=None):
             stripped.pop(self.schema_field, None)
             jsonschema.validate(stripped, schema)
         except jsonschema_exceptions.ValidationError as e:
-            try:
-                field = e.path.pop() if e.path else e.validator_value.pop()
-            except AttributeError:
-                field = None
+            if e.validator_value:
+                field = e.validator_value[-1]
+            else:
+                field = e.schema_path[-1]
             raise_invalid(self.request, name=field, description=e.message)
 
         new[self.schema_field] = collection_timestamp

diff --git a/tests/test_views_collections_schema.py b/tests/test_views_collections_schema.py
@@ -90,6 +90,25 @@ def test_schema_should_be_json_schema(self):
         error_msg = "'Washmachine' is not valid under any of the given schemas"
         self.assertIn(error_msg, resp.json['message'])
 
+    def test_extra_unknown_required_property(self):
+        schema = {**SCHEMA, "required": ["unknown"]}
+        self.app.put_json(COLLECTION_URL,
+                          {'data': {'schema': schema}},
+                          headers=self.headers)
+
+        record = {'title': 'bug 1243'}
+        r = self.app.post_json(RECORDS_URL,
+                               {'data': record},
+                               headers=self.headers,
+                               status=400)
+        self.assertEqual("'unknown' is a required property", r.json["message"])
+
+        # With bug Kinto/kinto#1243, the second call would crash.
+        self.app.post_json(RECORDS_URL,
+                           {'data': record},
+                           headers=self.headers,
+                           status=400)
+
 
 class RecordsValidationTest(BaseWebTestWithSchema, unittest.TestCase):
     def setUp(self):